CFW framework for Vita. More...

Modules
	Hooks Interface
	Patches functions.

	Injection Interface
	Inject raw data into a module.

Data Structures
struct	_tai_module_info
	Extended module information. More...

struct	_tai_hook_args
	Pass hook arguments to kernel. More...

struct	_tai_offset_args
	Pass offset arguments to kernel. More...

struct	_tai_module_args
	Pass module arguments to kernel. More...

Macros
#define	KERNEL_PID 0x10005

#define	TAI_ANY_LIBRARY 0xFFFFFFFF

#define	TAI_IGNORE_MODULE_NID 0xFFFFFFFF

#define	TAI_MAIN_MODULE ((void *)0)

#define	HELPER inline static __attribute__((unused))

Typedefs
typedef struct _tai_module_info	tai_module_info_t
	Extended module information. More...

typedef struct _tai_hook_args	tai_hook_args_t
	Pass hook arguments to kernel.

typedef struct _tai_offset_args	tai_offset_args_t
	Pass offset arguments to kernel.

typedef struct _tai_module_args	tai_module_args_t
	Pass module arguments to kernel.

Plugin loading
Kernel plugin loading plugins manually
int	taiLoadPluginsForTitleForKernel (SceUID pid, const char *titleid, int flags)
	Parses the taiHEN config and loads all plugins for a titleid to a process. More...

Skprx Load
Kernel module loading exports to user
SceUID	taiLoadKernelModule (const char path, int flags, void opt)
	Loads a kernel module. More...

int	taiStartKernelModuleForUser (SceUID modid, tai_module_args_t args, void opt, int *res)
	Starts a kernel module. More...

SceUID	taiLoadStartKernelModuleForUser (const char path, tai_module_args_t args)
	Loads and starts a kernel module. More...

SceUID	taiLoadStartModuleForPidForUser (const char path, tai_module_args_t args)
	Loads and starts a user module for another process. More...

int	taiStopKernelModuleForUser (SceUID modid, tai_module_args_t args, void opt, int *res)
	Stops a kernel module. More...

int	taiUnloadKernelModule (SceUID modid, int flags, void *opt)
	Unloads a kernel module directly. More...

int	taiStopUnloadKernelModuleForUser (SceUID modid, tai_module_args_t args, void opt, int *res)
	Stops and unloads a kernel module. More...

int	taiStopModuleForPidForUser (SceUID modid, tai_module_args_t args, void opt, int *res)
	Stops a user module for another process. More...

int	taiUnloadModuleForPid (SceUID pid, SceUID modid, int flags, void *opt)
	Unloads a user module for a process directly. More...

int	taiStopUnloadModuleForPidForUser (SceUID modid, tai_module_args_t args, void opt, int *res)
	Stops and unloads a user module for a process. More...

HELPER int	taiStartKernelModule (SceUID modid, int args, void argp, int flags, void opt, int *res)
	Helper function for taiStartKernelModuleForUser. More...

HELPER SceUID	taiLoadStartKernelModule (const char path, int args, void argp, int flags)
	Helper function for taiLoadStartKernelModuleForUser. More...

HELPER SceUID	taiLoadStartModuleForPid (SceUID pid, const char path, int args, void argp, int flags)
	Helper function for taiLoadStartModuleForPidForUser. More...

HELPER int	taiStopKernelModule (SceUID modid, int args, void argp, int flags, void opt, int *res)
	Helper function for taiStopKernelModuleForUser. More...

HELPER int	taiStopUnloadKernelModule (SceUID modid, int args, void argp, int flags, void opt, int *res)
	Helper function for taiStopUnloadKernelModuleForUser. More...

HELPER int	taiStopModuleForPid (SceUID pid, SceUID modid, int args, void argp, int flags, void opt, int *res)
	Helper function for taiStopModuleForPidForUser. More...

HELPER int	taiStopUnloadModuleForPid (SceUID pid, SceUID modid, int args, void argp, int flags, void opt, int *res)
	Helper function for taiStopUnloadModuleForPidForUser. More...

Peek/Poke
Read/write kernel memory (no MMU bypass)
int	taiMemcpyUserToKernel (void kernel_dst, const void user_src, size_t len)
	Copies data from user to kernel. More...

int	taiMemcpyKernelToUser (void user_dst, const void kernel_src, size_t len)
	Copies data from kernel to user. More...

Detailed Description

CFW framework for Vita.

Provides basic helper utilities for plugins that aid in user to kernel interaction.

taiHEN proves three types of exports. First is a patch system for modifying code and read-only data. Second is basic peek/poke for the kernel. Third is support for loading kernel modules.

A common question is: when should I use hooks, injections, and peek/poke? If you wish to patch writable data in the kernel and you know the address, then taiMemcpyKernelToUser works. If you don't know the address but you know the offset from its ELF segment then use an injection. If it is read-only data, then use an injection. Finally, if you wish to patch a function to run your own code, you should use a hook.

Macro Definition Documentation

§ HELPER

#define HELPER inline static __attribute__((unused))

Functions for calling the syscalls with arguments

Definition at line 46 of file taihen.h.

§ KERNEL_PID

#define KERNEL_PID 0x10005

PID for kernel process

Definition at line 34 of file taihen.h.

§ TAI_ANY_LIBRARY

#define TAI_ANY_LIBRARY 0xFFFFFFFF

Fake library NID indicating that any library NID would match.

Definition at line 37 of file taihen.h.

§ TAI_IGNORE_MODULE_NID

#define TAI_IGNORE_MODULE_NID 0xFFFFFFFF

Fake module NID indicating that any module NID would match.

Definition at line 40 of file taihen.h.

§ TAI_MAIN_MODULE

#define TAI_MAIN_MODULE ((void *)0)

Fake module name indicating the current process's main module.

Definition at line 43 of file taihen.h.

Typedef Documentation

§ tai_module_info_t

typedef struct _tai_module_info tai_module_info_t

Extended module information.

This supplements the output of sceKernelGetModuleInfo

Function Documentation

§ taiLoadKernelModule()

SceUID taiLoadKernelModule	(	const char *	path,
		int	flags,
		void *	opt
	)

Loads a kernel module.

Parameters

[in]	path	The path to the skprx
[in]	flags	The flags
	opt	Optional arguments, set to NULL

Returns

A module reference on success, < 0 on error

TAI_ERROR_INVALID_ARGS if opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 373 of file taihen-user.c.

§ taiLoadPluginsForTitleForKernel()

int taiLoadPluginsForTitleForKernel	(	SceUID	pid,
		const char *	titleid,
		int	flags
	)

Parses the taiHEN config and loads all plugins for a titleid to a process.

Parameters

[in]	pid	The pid to load to
[in]	titleid	The title to read from the config
[in]	flags	The flags

Returns

Zero on success, < 0 on error

TAI_ERROR_SYSTEM if the config file is invalid

Definition at line 270 of file taihen.c.

§ taiLoadStartKernelModule()

HELPER SceUID taiLoadStartKernelModule	(	const char *	path,
		int	args,
		void *	argp,
		int	flags
	)

Helper function for taiLoadStartKernelModuleForUser.

See also: taiLoadStartKernelModuleForUser

Parameters

[in]	path	The path of the skprx
[in]	args	The size of the arguments
	argp	The arguments
[in]	flags	The flags

Definition at line 472 of file taihen.h.

§ taiLoadStartKernelModuleForUser()

SceUID taiLoadStartKernelModuleForUser	(	const char *	path,
		tai_module_args_t *	args
	)

Loads and starts a kernel module.

Parameters

[in]	path	The path of the skprx
[in]	args	The arguments

Returns

A module reference on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 469 of file taihen-user.c.

§ taiLoadStartModuleForPid()

HELPER SceUID taiLoadStartModuleForPid	(	SceUID	pid,
		const char *	path,
		int	args,
		void *	argp,
		int	flags
	)

Helper function for taiLoadStartModuleForPidForUser.

See also: taiLoadStartModuleForPidForUser

Parameters

[in]	pid	The pid to load to
[in]	path	The path of the suprx
[in]	args	The size of the arguments
	argp	The arguments
[in]	flags	The flags

Definition at line 492 of file taihen.h.

§ taiLoadStartModuleForPidForUser()

SceUID taiLoadStartModuleForPidForUser	(	const char *	path,
		tai_module_args_t *	args
	)

Loads and starts a user module for another process.

Parameters

[in]	path	The path of the skprx
[in]	args	The arguments

Returns

A module reference on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 522 of file taihen-user.c.

§ taiMemcpyKernelToUser()

int taiMemcpyKernelToUser	(	void *	user_dst,
		const void *	kernel_src,
		size_t	len
	)

Copies data from kernel to user.

Does not bypass the MMU!

See also: taiInjectData

Parameters

	user_dst	The user address
[in]	kernel_src	The kernel address
[in]	len	The length

Returns

Zero on success, < 0 on error

TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 916 of file taihen-user.c.

§ taiMemcpyUserToKernel()

int taiMemcpyUserToKernel	(	void *	kernel_dst,
		const void *	user_src,
		size_t	len
	)

Copies data from user to kernel.

Parameters

	kernel_dst	The kernel address
[in]	user_src	The user address
[in]	len	The length

Returns

Zero on success, < 0 on error

TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 884 of file taihen-user.c.

§ taiStartKernelModule()

HELPER int taiStartKernelModule	(	SceUID	modid,
		int	args,
		void *	argp,
		int	flags,
		void *	opt,
		int *	res
	)

Helper function for taiStartKernelModuleForUser.

See also: taiStartKernelModuleForUser

Parameters

[in]	modid	The id from `taiLoadKernelModule`
[in]	args	The size of the arguments
	argp	The arguments
[in]	flags	The flags
	opt	Optional arguments, set to NULL
	res	Return value of `module_start`

Definition at line 453 of file taihen.h.

§ taiStartKernelModuleForUser()

int taiStartKernelModuleForUser	(	SceUID	modid,
		tai_module_args_t *	args,
		void *	opt,
		int *	res
	)

Starts a kernel module.

Parameters

[in]	modid	The id from `taiLoadKernelModule`
[in]	args	The arguments
	opt	Optional arguments, set to NULL
	res	Return value of `module_start`

Returns

Zero on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 416 of file taihen-user.c.

§ taiStopKernelModule()

HELPER int taiStopKernelModule	(	SceUID	modid,
		int	args,
		void *	argp,
		int	flags,
		void *	opt,
		int *	res
	)

Helper function for taiStopKernelModuleForUser.

See also: taiStopKernelModuleForUser

Parameters

[in]	modid	The loaded module reference
[in]	args	The size of the arguments to `module_stop`
	argp	The arguments to `module_stop`
[in]	flags	The flags
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Definition at line 514 of file taihen.h.

§ taiStopKernelModuleForUser()

int taiStopKernelModuleForUser	(	SceUID	modid,
		tai_module_args_t *	args,
		void *	opt,
		int *	res
	)

Stops a kernel module.

Parameters

[in]	modid	The loaded module reference
[in]	args	The arguments
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Returns

Zero on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 576 of file taihen-user.c.

§ taiStopModuleForPid()

HELPER int taiStopModuleForPid	(	SceUID	pid,
		SceUID	modid,
		int	args,
		void *	argp,
		int	flags,
		void *	opt,
		int *	res
	)

Helper function for taiStopModuleForPidForUser.

See also: taiStopModuleForPidForUser

Parameters

[in]	pid	The pid
[in]	modid	The loaded module reference
[in]	args	The size of the arguments to `module_stop`
	argp	The arguments to `module_stop`
[in]	flags	The flags
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Definition at line 557 of file taihen.h.

§ taiStopModuleForPidForUser()

int taiStopModuleForPidForUser	(	SceUID	modid,
		tai_module_args_t *	args,
		void *	opt,
		int *	res
	)

Stops a user module for another process.

Parameters

[in]	modid	The loaded module reference
[in]	args	The arguments
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Returns

Zero on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 734 of file taihen-user.c.

§ taiStopUnloadKernelModule()

HELPER int taiStopUnloadKernelModule	(	SceUID	modid,
		int	args,
		void *	argp,
		int	flags,
		void *	opt,
		int *	res
	)

Helper function for taiStopUnloadKernelModuleForUser.

See also: taiStopUnloadKernelModuleForUser

Parameters

[in]	modid	The loaded module reference
[in]	args	The size of the arguments to `module_stop`
	argp	The arguments to `module_stop`
[in]	flags	The flags
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Definition at line 535 of file taihen.h.

§ taiStopUnloadKernelModuleForUser()

int taiStopUnloadKernelModuleForUser	(	SceUID	modid,
		tai_module_args_t *	args,
		void *	opt,
		int *	res
	)

Stops and unloads a kernel module.

Parameters

[in]	modid	The loaded module reference
[in]	args	The arguments
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Returns

Zero on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 675 of file taihen-user.c.

§ taiStopUnloadModuleForPid()

HELPER int taiStopUnloadModuleForPid	(	SceUID	pid,
		SceUID	modid,
		int	args,
		void *	argp,
		int	flags,
		void *	opt,
		int *	res
	)

Helper function for taiStopUnloadModuleForPidForUser.

See also: taiStopUnloadModuleForPidForUser

Parameters

[in]	pid	The pid
[in]	modid	The loaded module reference
[in]	args	The size of the arguments to `module_stop`
	argp	The arguments to `module_stop`
[in]	flags	The flags
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Definition at line 580 of file taihen.h.

§ taiStopUnloadModuleForPidForUser()

int taiStopUnloadModuleForPidForUser	(	SceUID	modid,
		tai_module_args_t *	args,
		void *	opt,
		int *	res
	)

Stops and unloads a user module for a process.

Parameters

[in]	modid	The loaded module reference
[in]	args	The arguments
	opt	Optional arguments, set to NULL
	res	Return value of `module_stop`

Returns

Zero on success, < 0 on error

TAI_ERROR_INVALID_ARGS if args is too large or opt is not NULL
TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 829 of file taihen-user.c.

§ taiUnloadKernelModule()

int taiUnloadKernelModule	(	SceUID	modid,
		int	flags,
		void *	opt
	)

Unloads a kernel module directly.

Parameters

[in]	modid	The loaded module reference
[in]	flags	The flags
	opt	Set to `NULL`

Returns

Zero on success, < 0 on error

TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 633 of file taihen-user.c.

§ taiUnloadModuleForPid()

int taiUnloadModuleForPid	(	SceUID	pid,
		SceUID	modid,
		int	flags,
		void *	opt
	)

Unloads a user module for a process directly.

Parameters

[in]	modid	The loaded module reference
[in]	flags	The flags
	opt	Set to `NULL`

Returns

Zero on success, < 0 on error

TAI_ERROR_NOT_ALLOWED if caller does not have permission

Definition at line 789 of file taihen-user.c.

Modules

Data Structures

Macros

Typedefs

Plugin loading

Skprx Load

Peek/Poke

Detailed Description

Macro Definition Documentation

§ HELPER

§ KERNEL_PID

§ TAI_ANY_LIBRARY

§ TAI_IGNORE_MODULE_NID

§ TAI_MAIN_MODULE

Typedef Documentation

§ tai_module_info_t

Function Documentation

§ taiLoadKernelModule()

§ taiLoadPluginsForTitleForKernel()

§ taiLoadStartKernelModule()

§ taiLoadStartKernelModuleForUser()

§ taiLoadStartModuleForPid()

§ taiLoadStartModuleForPidForUser()

§ taiMemcpyKernelToUser()

§ taiMemcpyUserToKernel()

§ taiStartKernelModule()

§ taiStartKernelModuleForUser()

§ taiStopKernelModule()

§ taiStopKernelModuleForUser()

§ taiStopModuleForPid()

§ taiStopModuleForPidForUser()

§ taiStopUnloadKernelModule()

§ taiStopUnloadKernelModuleForUser()

§ taiStopUnloadModuleForPid()

§ taiStopUnloadModuleForPidForUser()

§ taiUnloadKernelModule()

§ taiUnloadModuleForPid()